refactor: 优化 DrawHallSnapshotBuilder 和权限管理逻辑

- 在 DrawHallSnapshotBuilder 中简化数据获取逻辑，仅保留必要字段，更新状态表示方式。
- 在 AdminAuthorizationRegistry 中整合接入站点权限定义，提升权限管理的灵活性与可维护性。
- 更新调度任务配置，确保任务在单一服务器上运行，避免重叠执行，提高系统稳定性。
- 增强测试用例，确保新逻辑的正确性与稳定性。

tests/Feature/AdminAuthLoginTest.php

@@ -61,13 +61,15 @@ test('admin auth me returns current admin profile', function () {
 });
 
 test('admin login returns bearer token when captcha passes validation', function () {
-    AdminUser::query()->create([
+    $admin = AdminUser::query()->create([
         'username' => 'tester',
         'name' => '测试昵称',
         'email' => null,
         'password' => 'secret-strong',
         'status' => 0,
     ]);
+    // 登录返回的 navigation 需要管理员权限（避免测试依赖默认 DB 状态）
+    grantSuperAdminRole($admin);
 
     $captchaKey = (string) Str::uuid();
     Cache::put(
@@ -89,7 +91,7 @@ test('admin login returns bearer token when captcha passes validation', function
         ->assertJsonPath('data.admin.nickname', '测试昵称')
         ->assertJsonPath('data.admin.navigation.0.segment', 'dashboard')
         ->assertJsonPath('data.admin.navigation.0.href', '/admin')
-        ->assertJsonPath('data.admin.navigation.1.segment', 'settings')
+        ->assertJsonPath('data.admin.navigation.1.segment', 'draws')
         ->assertJsonStructure(['data' => ['token', 'token_type', 'admin' => ['id', 'username', 'nickname', 'email', 'permissions', 'navigation']]]);
 
     $token = $resp->json('data.token');

tests/Feature/AdminPlayerManageApiTest.php

@@ -7,6 +7,7 @@ use App\Models\AdminUser;
 use App\Models\PlayerWallet;
 use Database\Seeders\CurrencySeeder;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
@@ -63,8 +64,11 @@ function playerPermissionRequest($test, string $token)
 }
 
 test('admin can freeze and unfreeze player with audit log', function (): void {
+    $siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
+    $siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
+
     $player = Player::query()->create([
-        'site_code' => 'main',
+        'site_code' => $siteCode,
         'site_player_id' => 'freeze-1',
         'username' => 'freeze_user',
         'nickname' => 'Freeze',
@@ -105,8 +109,11 @@ test('admin can freeze and unfreeze player with audit log', function (): void {
 });
 
 test('player manage permission gates write and freeze APIs separately from view permissions', function (): void {
+    $siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
+    $siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
+
     $player = Player::query()->create([
-        'site_code' => 'main',
+        'site_code' => $siteCode,
         'site_player_id' => 'perm-1',
         'username' => 'perm_user',
         'nickname' => 'Perm',
@@ -164,9 +171,9 @@ test('player manage permission gates write and freeze APIs separately from view
         ->getJson('/api/v1/admin/players?per_page=10')
         ->assertForbidden();
 
-    playerPermissionRequest($this, $freezeToken)
-        ->postJson('/api/v1/admin/players/'.$player->id.'/freeze')
-        ->assertOk()
+    $freezeResp = playerPermissionRequest($this, $freezeToken)
+        ->postJson('/api/v1/admin/players/'.$player->id.'/freeze');
+    $freezeResp->assertOk()
         ->assertJsonPath('data.status', 1);
 
     playerPermissionRequest($this, $freezeToken)

tests/Feature/AdminUserPermissionApiTest.php

@@ -147,6 +147,7 @@ test('permission catalog groups permissions by admin navigation order', function
         ->json('data.permission_menu_groups');
 
     expect(array_column($groups, 'key'))->toBe([
+        'dashboard',
         'draws',
         'tickets',
         'players',
@@ -159,21 +160,22 @@ test('permission catalog groups permissions by admin navigation order', function
         'reconcile',
         'reports',
         'currencies',
+        'integration',
         'admin_users',
         'admin_roles',
         'risk',
         'audit',
+        'settings',
     ]);
-    expect($groups[0]['key'])->toBe('draws');
-    expect($groups[12]['label'])->toBe('管理列表');
-    expect(array_column($groups[12]['permissions'], 'slug'))->toBe(['prd.admin_user.manage']);
-    expect($groups[13]['label'])->toBe('角色管理');
-    expect(array_column($groups[13]['permissions'], 'slug'))->toBe(['prd.admin_role.manage']);
+    expect($groups[1]['key'])->toBe('draws');
+    expect($groups[14]['label'])->toBe('管理列表');
+    expect(array_column($groups[14]['permissions'], 'slug'))->toBe(['prd.admin_user.manage']);
+    expect($groups[15]['label'])->toBe('角色管理');
+    expect(array_column($groups[15]['permissions'], 'slug'))->toBe(['prd.admin_role.manage']);
 
     $groupsByKey = collect($groups)->keyBy('key');
     expect(array_column($groupsByKey['tickets']['permissions'], 'slug'))->toBe([
-        'prd.users.view_cs',
-        'prd.users.manage',
+        'prd.tickets.view',
     ]);
     expect(array_column($groupsByKey['reports']['permissions'], 'slug'))->toContain(
         'prd.report.view',

tests/Feature/DrawPipelineTest.php

@@ -5,6 +5,7 @@ use App\Models\Draw;
 use App\Models\Player;
 use App\Models\AdminRole;
 use App\Models\AdminUser;
+use App\Models\RiskPool;
 use App\Models\TicketItem;
 use App\Models\TicketOrder;
 use App\Models\PlayerWallet;
@@ -895,6 +896,58 @@ test('GET draw current returns open draw with seconds to close', function (): vo
     Carbon::setTestNow();
 });
 
+test('GET draw current only exposes coarse risk alert status', function (): void {
+    Carbon::setTestNow(Carbon::parse('2026-05-09 15:00:00', 'UTC'));
+
+    $draw = Draw::query()->create([
+        'draw_no' => '20260509-301',
+        'business_date' => '2026-05-09',
+        'sequence_no' => 301,
+        'status' => DrawStatus::Open->value,
+        'start_time' => now()->copy()->subMinutes(5),
+        'close_time' => now()->copy()->addMinutes(30),
+        'draw_time' => now()->copy()->addHour(),
+        'cooling_end_time' => null,
+        'result_source' => null,
+        'current_result_version' => 0,
+        'settle_version' => 0,
+        'is_reopened' => false,
+    ]);
+
+    RiskPool::query()->create([
+        'draw_id' => $draw->id,
+        'normalized_number' => '1234',
+        'total_cap_amount' => 1_000,
+        'locked_amount' => 850,
+        'remaining_amount' => 150,
+        'sold_out_status' => 0,
+    ]);
+
+    RiskPool::query()->create([
+        'draw_id' => $draw->id,
+        'normalized_number' => '5678',
+        'total_cap_amount' => 100,
+        'locked_amount' => 100,
+        'remaining_amount' => 0,
+        'sold_out_status' => 1,
+    ]);
+
+    $this->getJson('/api/v1/draw/current')
+        ->assertOk()
+        ->assertJsonPath('data.data.draw_no', '20260509-301')
+        ->assertJsonPath('data.data.risk_pool_alerts.0.normalized_number', '5678')
+        ->assertJsonPath('data.data.risk_pool_alerts.0.status', 'sold_out')
+        ->assertJsonPath('data.data.risk_pool_alerts.1.normalized_number', '1234')
+        ->assertJsonPath('data.data.risk_pool_alerts.1.status', 'warning')
+        ->assertJsonMissingPath('data.data.risk_pool_alerts.0.total_cap_amount')
+        ->assertJsonMissingPath('data.data.risk_pool_alerts.0.locked_amount')
+        ->assertJsonMissingPath('data.data.risk_pool_alerts.0.remaining_amount')
+        ->assertJsonMissingPath('data.data.risk_pool_alerts.0.sold_out_status')
+        ->assertJsonMissingPath('data.data.risk_pool_alerts.0.usage_ratio');
+
+    Carbon::setTestNow();
+});
+
 test('GET draw current exposes closing when row is open in DB but close_time has passed', function (): void {
     Carbon::setTestNow(Carbon::parse('2026-05-09 16:30:20', 'UTC'));
     $drawTime = Carbon::parse('2026-05-09 16:30:40', 'UTC');